
Mike Dalessio - Rails::HTML5: the strange and remarkable three-year journey

Rails 7.1 improved Rails’s security posture and made Rails more friendly with modern browsers by shipping HTML5-compliant sanitizers by default. Great! But the journey there was not a straight road…

@shopify Director of Engineering Mike Dalessio shares the story of planning and executing a complex migration task on a major open-source project, a multi-year journey that started in 2015 with a security vulnerability and ended after coordinating major changes upstream to Action View, Rails::HTML::Sanitizer, Loofah, and Nokogiri, and taking over maintenance of libgumbo.

Slides are online at http://mike.daless.io/prez/2023/10/06/rails-world-rails-html5/

Links:
https://rubyonrails.org/
https://github.com/rails/rails-html-sanitizer
https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html

#RailsWorld #RubyonRails #rails #Rails7 #opensource #security #HTML5 #nokogiri #libgumbo #actionview

Thank you Dell APEX for sponsoring the editing and post-production of these videos. Visit them at: https://dell.com/APEX

October 5, 2023